82a04313ce442b8c11ff456adabafcf6a30706f5962994b5be958dd4dbd0f5b2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

82a04313ce442b8c11ff456adabafcf6a30706f5962994b5be958dd4dbd0f5b2
Size

1011KB
Sample

221017-m39basbgdq
MD5

612ab50cf04baa6c3d92631f3b18d15a
SHA1

0f6beb8d60bb3e73f3062603a78e7853dbb59bea
SHA256

82a04313ce442b8c11ff456adabafcf6a30706f5962994b5be958dd4dbd0f5b2
SHA512

cc33ccee4ad0ca6ebee878f09e105bcbf5a46c0289921dd77d74db86e243dd62496d14d4a6f0c5bdfed342e7dbce908e51d1e89dc5cdb3b27c7f4ae8de3fed18
SSDEEP

24576:lKKKKKKKKKKKKKKKKKKN7ChBWMQ+uSJJd3:OjLuSh3

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  82a04313ce442b8c11ff456adabafcf6a30706f5962994b5be958dd4dbd0f5b2
- Size
  
  1011KB
- MD5
  
  612ab50cf04baa6c3d92631f3b18d15a
- SHA1
  
  0f6beb8d60bb3e73f3062603a78e7853dbb59bea
- SHA256
  
  82a04313ce442b8c11ff456adabafcf6a30706f5962994b5be958dd4dbd0f5b2
- SHA512
  
  cc33ccee4ad0ca6ebee878f09e105bcbf5a46c0289921dd77d74db86e243dd62496d14d4a6f0c5bdfed342e7dbce908e51d1e89dc5cdb3b27c7f4ae8de3fed18
- SSDEEP
  
  24576:lKKKKKKKKKKKKKKKKKKN7ChBWMQ+uSJJd3:OjLuSh3
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2